Cisco Community
English
Register
ANNOUNCEMENT - Security Restructure has finished!. Email and Web Notifications are ON now - LEARN MORE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
1027
Views
0
Helpful
0
Replies
George Mason
George Mason Beginner
Beginner
‎03-04-2013 08:27 AM
‎03-04-2013 08:27 AM

Implement per VPN QoS/shaping on ASA

Hi,

I'm trying to implement a solution where voice traffic to a bunch of remote sites is given priority over other general traffic. The sites are all connected via different grades of DSL and serial links, they all have different bandwidth characteristics. They all have a static VPN back to the ASA at the head office. The head office connection is a leased line and therefore has more bandwidth than all of the remote sites.

I have been reading about class-map and policy-map commands but as far as I can see, I can't use them because:

#1 in order to implement QoS, I first have to be queuing the traffic on the ASA, which means implementing shaping, and if I do that then...

#2 since the policy map is installed on the outside interface, any shaping I do will affect all traffic through that interface, not just to the VPN end points

What I think I need to do is have different policy maps for each tunnel group - but can't see a way to do that.

Grateful to anyone who can fault my logic as am sure I'm missing something obvious.

Thanks

George

1 person had this problem
0 Helpful
Reply
Latest Contents
Multiple Vulnerabilities in Cisco FXOS and NX-OS Software
Created by Omar Santos on 02-26-2020 02:18 PM
0
0
0
0
On February 24, 2020, the Cisco PSIRT published eleven (11) vulnerabilities in Cisco FXOS and NX-OS Software. Eight (8) out of the eleven (11) vulnerabilities were found by our internal security and engineering teams, two were found by TAC during the trou... view more
NGFW
Created by starsulaiman21266 on 02-25-2020 01:58 AM
1
0
1
0
Hello All, i have two vm firepower as HA and they are working fine as HA the traffics going through fin but there is a red mark shows on the HA, can someone tell me what does that mean please? This only appears on the HA not in individual device... view more
Meet the Authors FAQ´s - A Cybersecurity Deep Dive with Omar...
Created by ciscomoderator on 02-24-2020 05:28 PM
0
0
0
0
Software Checker and Automation   This event had place on Thursday 23rd, January at 10hrs PDT  Introduction   Featured Author Omar Santos is an active member of the cyber security community, where he leads several industry-wide init... view more
Get the Cisco 2020 CISO Benchmark Report
Created by Kelli Glass on 02-24-2020 08:16 AM
0
0
0
0
Securing What's Now and What's Next. With our annual global survey of 2,800 security leaders, we dove deep to compile key benchmark statistics. The 2020 CISO Benchmark Report provides valuable takeaways and data on the most pressing cybersecurity to... view more
Malware Policy
Created by Manu Shankar on 02-24-2020 02:40 AM
1
0
1
0
I have 2 Firepower module (ASA 5525) with Malware and IPS licence. Recently i changed the Malware policy action set to "Block Malware" and "Reset Connection". How to log the event if my policy blocked any files? Please find the attached screen shot f... view more
CreatePlease to create content
Discussion
Blog
Document
Video